The action of the rogue worker, who The New York Times reported Friday was a contractor rather than a full-time employee, quickly caused Twitter to launch an internal investigation.

That a seemingly low-level Twitter staffer had the ability to delete the account of the most powerful person in the world has caused some to question Twitter’s commitment to safeguarding the security of its highest-profile users.

The answer to how a Twitter employee was able to delete Trump’s account is relatively simple.

Hundreds of Twitter employees across the company’s customer support, trust and safety, and engineering teams have the ability to delete accounts and individual tweets without the need for approval, according to a source familiar with the matter. Such access to accounts is granted for a range of reasons, like policy enforcement if an account is violating Twitter’s content rules, or for handling more rudimentary user support requests.

Lots of access, but few perks

Outside contractors employed by Twitter, such as the one who deleted Trump’s account, have the same level of access to delete accounts and tweets as full-time employees, the source said. Deleting an account does not require an computer coding skills – there’s a visual dashboard-like interface that makes it easy to do.

Most Twitter contractors work inside either Twitter’s San Francisco, California or Dublin, Ireland headquarters and wear Twitter badges. Yet the same contractors who have access to critical parts of the product (such as the power to delete accounts) are barred from attending companywide “Tea Time” meetings with executives, due to concerns about company confidentiality, according to the source.

Unlike full time employees, the contractors are not awarded company stock.

While it has been easy for Twitter employees to delete accounts on their own, the ability to take over an account like Trump’s and send a tweet or private message has historically been more difficult, per the source.

Difficult to tweet from an account, but not impossible

caption

Donald Trump.

source

Alex Wong/Getty Images

If a Twitter staffer decided he or she wanted to send a tweet from an account, the employee would have to reset the email address associated with the account and request a password reset using that new email address. Thanks to an investigation by the Federal Trade Commission into Twitter’s security practices during its early days as a company, the number of employees with access to reset account emails is much smaller than the number of employees who can delete accounts or tweets.

Additional security measures are in place for verified accounts with large followings that are part of an internal “Very Important Tweeters” list, the source said. (Trump is on the list.) Internal alarm bells also go off to alert other employees whenever a verified account’s email is being reset. A Twitter account could also have two-factor security turned on that would make it impossible to reset an account password without access to an associated phone number.

One way Twitter could strengthen its internal security is by requiring that a second employee or supervisor approve an account’s deletion, the source suggested. The company has not required such approval in the past.

In an update on its investigation into Trump’s account deletion, Twitter said Friday that it “implemented safeguards to prevent this from happening again” but declined to explain the additional measures taken. A Twitter spokesperson declined to comment further for this story.